Microsoft Health Bot Service is hosted on Azure and is an easily configurable solution that can serve multiple health-related bot scenarios.
The scenario in this article shows how to enable end-user authentication on the Health Bot service so that it can read Office 365 data on the user's behalf. For this POC, Azure AD authentication is used. Azure AD is the right choice only when the organization providing the bot manages its users entirely in Azure AD; otherwise the identity provider and the authentication configuration must be changed accordingly.
So in this article we look at how to enable end-user authentication on the Azure Health Bot service using Azure AD, and how to read the signed-in user's profile information through the Microsoft Graph API.
Enable Azure AD Authentication Flow using Azure AD App configuration
Create an application registration in Azure AD and configure the following.
- Set the required API permissions. In my case, only User.Read under Microsoft Graph, delegated type (the least privilege needed to read the signed-in user's own profile).
- Set oauth2AllowImplicitFlow to true under the Manifest section, or enable the implicit grant under the platform configuration section. Note that a token issued through the implicit grant is returned in the browser URL, where it can end up in browser history and logs, so enable it only if the Health Bot provider cannot complete the flow without it.
- Under platform configurations, add the redirect URI (https://bot-api-eu.healthbot.microsoft.com/bot/redirect/oauth2) used by the Health Bot service authentication. The host shown here is the EU instance used in this article; it must match the instance your bot is deployed in.
- Generate a client secret from Certificates & secrets and copy its value immediately; it is displayed only once. Never paste the secret value into documentation, source control or screenshots; a value that has been exposed must be rotated.
Copy the client ID and the client secret value from this app; they are used in the Health Bot service configuration in the next sections.
Configure Azure AD Authentication on Health BOT service
From the Health Bot service (https://eu.healthbot.microsoft.com/account/<account-id>), navigate to Integration -> Authentication and add a new authentication provider with the configuration below, using the client ID and client secret copied from the Azure AD app.
Authorization URL: https://login.microsoftonline.com/<tenantname>.onmicrosoft.com/oauth2/v2.0/authorize
Access Token URL: https://login.microsoftonline.com/<tenantname>.onmicrosoft.com/oauth2/v2.0/token
Figure: Azure AD authentication provider configured with the values from the Azure AD app registration.
Configure Data Connection on Health BOT service
From the Health Bot service, navigate to Integration -> Data connection and add a new data connection with the configuration below, linking it to the authentication provider created in the previous step so that Graph requests carry the user's delegated token.
Figure: Data connection using the authentication provider configured in the step above.
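To make the above provider and data-connection settings concrete, here is the OAuth2 exchange the Health Bot performs against the Azure AD v2.0 endpoints and Microsoft Graph, written out end to end. This is an added example and not code from the article or from the Health Bot service; the tenant name, client ID, secret and the HTTP responses it uses are constructed placeholders. It shows which checks a redirect handler has to make before redeeming the authorization code (registered redirect URI, state, and refusing a token delivered in the URL fragment) and where the client secret is used.

```python
"""Added example, not part of the original article: the OAuth2 exchange that the
Health Bot authentication provider and data connection perform against Azure AD
v2.0 and Microsoft Graph. Tenant name, client ID, secret and the HTTP responses
below are placeholders (assumptions, not values from the article)."""
import json
import secrets
import urllib.parse
import urllib.request

TENANT = "contoso"  # assumed tenant name
CLIENT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder app (client) ID
REDIRECT_URI = "https://bot-api-eu.healthbot.microsoft.com/bot/redirect/oauth2"
SCOPES = ["User.Read"]  # the one delegated Graph permission the article grants
AUTHORIZE_URL = f"https://login.microsoftonline.com/{TENANT}.onmicrosoft.com/oauth2/v2.0/authorize"
TOKEN_URL = f"https://login.microsoftonline.com/{TENANT}.onmicrosoft.com/oauth2/v2.0/token"
GRAPH_ME = "https://graph.microsoft.com/v1.0/me"


def build_authorize_url(state: str) -> str:
    """Authorization-code request. 'state' is a random per-session value that the
    redirect handler must see again, which ties the callback to this browser."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",  # code flow: no token in the browser URL
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(SCOPES),
        "state": state,
    }
    return AUTHORIZE_URL + "?" + urllib.parse.urlencode(params)


def parse_callback(url: str, expected_state: str) -> str:
    """Return the authorization code from the redirect after the checks a
    redirect handler must make before redeeming it."""
    p = urllib.parse.urlsplit(url)
    if urllib.parse.urlunsplit((p.scheme, p.netloc, p.path, "", "")) != REDIRECT_URI:
        raise ValueError("callback arrived at an unregistered redirect URI")
    if "access_token" in urllib.parse.parse_qs(p.fragment):
        # implicit grant: the token sits in the fragment, i.e. in browser history
        raise ValueError("token returned in URL fragment; implicit flow not accepted")
    q = urllib.parse.parse_qs(p.query)
    if q.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch (possible CSRF or session fixation)")
    if "error" in q:
        raise ValueError("authorization failed: " + q["error"][0])
    return q["code"][0]


def callback_rejected(url: str, expected_state: str) -> bool:
    """True when parse_callback refuses the redirect (used for negative checks)."""
    try:
        parse_callback(url, expected_state)
    except (ValueError, KeyError):
        return True
    return False


def build_token_request(code: str, client_secret: str) -> bytes:
    """Body posted to the access-token URL. The client secret travels here,
    server to server, and never reaches the browser."""
    return urllib.parse.urlencode({
        "client_id": CLIENT_ID, "client_secret": client_secret,
        "grant_type": "authorization_code", "code": code,
        "redirect_uri": REDIRECT_URI, "scope": " ".join(SCOPES),
    }).encode()


def _http(url, data=None, headers=None):
    req = urllib.request.Request(url, data=data, headers=headers or {})
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read())


def signed_in_user(code: str, client_secret: str, http=_http) -> dict:
    """Redeem the code, then read the profile with the delegated token.
    'http' is injectable so the exchange can be exercised offline."""
    tok = http(TOKEN_URL, data=build_token_request(code, client_secret),
               headers={"Content-Type": "application/x-www-form-urlencoded"})
    if tok.get("token_type") != "Bearer" or "access_token" not in tok:
        raise ValueError("token endpoint did not return a bearer token")
    me = http(GRAPH_ME, headers={"Authorization": "Bearer " + tok["access_token"]})
    return {"displayName": me.get("displayName"), "upn": me.get("userPrincipalName")}


# Constructed responses standing in for Azure AD and Graph (not real data).
FAKE = {TOKEN_URL: {"token_type": "Bearer", "scope": "User.Read", "expires_in": 3599,
                    "access_token": "eyJ.fake.token"},
        GRAPH_ME: {"displayName": "Test User",
                   "userPrincipalName": "test.user@contoso.onmicrosoft.com"}}


def fake_http(url, data=None, headers=None):
    if url == GRAPH_ME and (headers or {}).get("Authorization") != "Bearer eyJ.fake.token":
        raise PermissionError("401 Unauthorized")
    return FAKE[url]


if __name__ == "__main__":
    state = secrets.token_urlsafe(16)
    print(build_authorize_url(state))
    cb = REDIRECT_URI + "?code=AUTHCODE&state=" + state
    print(signed_in_user(parse_callback(cb, state), "placeholder-secret", http=fake_http))
```

The `state` check and the redirect-URI comparison are what stop an attacker from feeding the bot a code issued for a different session, and rejecting a fragment-carried token is the concrete reason to prefer the authorization-code flow over the implicit grant wherever the provider allows it.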
Configure the data flow on Health BOT service
In the scenario, add a data connection step as the initial step and link it to the authentication provider and data connection configured above. In the next step, insert a statement that displays the signed-in user.
Figure: Data connection step configured on the Azure Health Bot service using the configuration above.
When the scenario runs, the data connection step prompts the user to authenticate. Once the user consents to the requested permissions, the successful-connection screen is displayed. The token is returned in the browser URL and passed on to the bot service, which is why the redirect URI registered on the Azure AD app must match the Health Bot endpoint exactly.
Figure: End-user authentication success screen, shown once the scenario executes the data connection configured above.
The following snapshot shows the scenario run and the results in the chat and watch panels.
Figure: Health Bot service showing the configured scenario, the chat window, and the debugger window with the run results.